samba.git/python/samba/tests/dns_packet.py, branch master Unnamed repository; edit this file 'description' to name the repository. pytests: dns_packet tests check rcodes match Windows 2026-04-16T00:54:43+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2020-06-03T02:42:41+00:00 cf44e414bde6ed85a1e19e186630759af904c2bf the dns_packet tests originally checked only for a particular DoS situation (CVE-2020-10745) but now we widen them to ensure Samba's replies to invalid packets resembles those of Windows (in particular, Windows 2012r2). We want Samba to reply only when Windows replies, and with the same rcode. At present we fail a lot of these tests. The original CVE-2020-10745 test is retained and widened indirectly -- any test that leaves the server unable to respond within 0.5 seconds will count as a failure. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> 
the dns_packet tests originally checked only for a particular DoS
situation (CVE-2020-10745) but now we widen them to ensure Samba's
replies to invalid packets resembles those of Windows (in particular,
Windows 2012r2). We want Samba to reply only when Windows replies, and
with the same rcode.

At present we fail a lot of these tests.

The original CVE-2020-10745 test is retained and widened indirectly --
any test that leaves the server unable to respond within 0.5 seconds
will count as a failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
python:tests: Remove unnecessary f‐strings 2023-10-25T22:23:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2023-10-24T03:32:31+00:00 c750c1db7f2e9127efac978aa0490015eb3c24d7 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2020-14303 Ensure an empty packet will not DoS the NBT server 2020-07-02T09:01:41+00:00 Andrew Bartlett abartlet@samba.org 2020-06-24T23:59:54+00:00 b232a7bc546f8e6fdb638164a8411772e67c8864 Signed-off-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
CVE-2020-10745: pytests: hand-rolled invalid dns/nbt packet tests 2020-07-02T09:01:41+00:00 Douglas Bagnall douglas.bagnall@catalyst.net.nz 2020-06-11T05:38:51+00:00 f4b2fd00fe34e3e8d934da3a11329f3d79b437d9 The client libraries don't allow us to make packets that are broken in certain ways, so we need to construct them as byte strings. These tests all fail at present, proving the server is rendered unresponsive, which is the crux of CVE-2020-10745. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
The client libraries don't allow us to make packets that are broken in
certain ways, so we need to construct them as byte strings.

These tests all fail at present, proving the server is rendered
unresponsive, which is the crux of CVE-2020-10745.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>